The entire document is dated August 9, 2013 and has no attributable names or contact details in it. Its most striking portion? A separate block of text on page six, which states:

According to figures published by a major tech provider, the Internet carries 1,826 Petabytes of information per day. In its foreign intelligence mission, NSA touches about 1.6% of that. However, of the 1.6% of the data, only 0.025% is actually selected for review. The net effect is that NSA analysts look at 0.00004% of the world’s traffic in conducting their mission—that’s less than one part in a million. Put another way, if a standard basketball court represented the global collection, it would be an area smaller than a dime on that basketball court.

And, nearly directly below that section, the NSA presents its strongest categorical denial of using foreign partners to circumvent American law:

NSA partners with well over 30 different nations in order to conduct its foreign intelligence mission. In every case, NSA does not and will not use a relationship with a foreign intelligence service to ask that service to do what NSA is itself prohibited by law from doing. These partnerships are an important part of the US and allied defense against terrorists, cyber threat actors, and others who threaten our individual and collective security. Both parties to these relationships benefit.

The document begins by referencing the September 11, 2001 attacks on New York and Washington, DC, and notes that the NSA “did not have the tools or the database to search to identify [terrorist] connections and share them with the FBI.” The NSA then argues: “We do not need to sacrifice civil liberties for the sake of national security; both are integral to who we are as Americans. NSA can and will continue to conduct its operations in a manner that respects both.”

And how, pray tell, might an American’s e-mail be accidentally swept up in a dragnet that is ostensibly targeting a foreign suspect?

For example, a US person might be courtesy copied on an e-mail to or from a legitimate foreign target, or a person in the US might be in contact with a known terrorist target. In those cases, minimization procedures adopted by the Attorney General in consultation with the Director of National Intelligence and approved by the Foreign Intelligence Surveillance Court are used to protect the privacy of the US person. These minimization procedures control the acquisition, retention, and dissemination of any US person information incidentally acquired during operations conducted pursuant to Section 702.

Of course, also on Friday, The Guardian published an excerpt from a document leaked by Edward Snowden showing that the NSA has the ability to search Americans’ e-mails—but apparently restrains itself from doing so. The document also notes that Section 215 of the Foreign Intelligence Surveillance Act—the business records provision—is what gives the government the authority to capture telephony metadata.

At the end of the document, the NSA also argues that it has adequate oversight from a number of government agencies—Bruce Schneier probably would disagree with that—and also is able to police itself.

As the NSA concludes:

In addition to NSA’s compliance safeguards, NSA personnel are obligated to report when they believe NSA is not, or may not be, acting consistently with law, policy, or procedure. This self-reporting is part of the culture and fabric of NSA. If NSA is not acting in accordance with law, policy, or procedure, NSA will report through its internal and external intelligence oversight channels, conduct reviews to understand the root cause, and make appropriate adjustments to constantly improve.

Cyrus Farivar
Cyrus is a Senior Tech Policy Reporter at Ars Technica, and is also a radio producer and author. His latest book, Habeas Data, about the legal cases over the last 50 years that have had an outsized impact on surveillance and privacy law in America, is due out in May 2018 from Melville House. He is based in Oakland, California. Emailcyrus.farivar@arstechnica.com//Twitter@cfarivar

the Internet carries 1,826 Petabytes of information per day. In its foreign intelligence mission, NSA touches about 1.6% of that. However, of the 1.6% of the data, only 0.025% is actually selected for review. The net effect is that NSA analysts look at 0.00004% of the world’s traffic in conducting their mission

1,826 Petabytes (~1,826,000,000GB) * 0.0000004 = 730.4GB

I feel so much better knowing the NSA only looks at 3/4 of a TB of internet traffic a day.

To get an idea the amount of data that is, let's assume they're watching Netflix videos in HD (about 3.8Mbits). That means they're "only" watching about 427 hours of HD video per day! That's hardly anything!

If we were to ignore Netflix, Youtube, and the various other video streaming sites, bittorrent / usenet movie and music piracy, 1.6% of global internet traffic is a truly staggering number. I wouldn't be surprised if every email and text communication fell under the "only" 1.6%.

this amount of data speaks more to efficiency than what is is being painted as. sigint has some PR issues now so they want to reassure people.

when I am looking for data, I dont touch all of it because I know I dont have to. I know in general where what I want is, I select from that fraction of a percent of my available base and that is all that is needed for the days analysis.

I feel so much better knowing the NSA only looks at 3/4 of a TB of internet traffic a day.

To get an idea the amount of data that is, let's assume they're watching Netflix videos in HD (about 3.8Mbits). That means they're "only" watching about 427 hours of HD video per day! That's hardly anything!

Makes you really wonder how many people had access to this data.

To put it another way, they could analyze 365 million tweets (including *all* metadata) each day. Given the similarities in size between tweets and emails, they are actively looking at millions of emails each day.

Don't ever piss off any of the 1 million nsa top clearance guys! What is that? .25 % of the population. What is the chance that happens already? He will probably research you, family and pets and pass some tips to the DEA or FBI.

My concern is that people ALLWAYS will abuse if let to do so. History confirms, and psycology proved it over and over. remember east germany and the stasi? My kids have to be protected ftom an all knowing, not forgetting, always punishing no mercy government. Where is the civilty, moral compass and example of human's best in all this?

More seriously, wouldn't that 1.6% be maybe 99% of the addresses? URLs, IP numbers, To-From email addresses? Following this thought, they capture ("touch") nearly all the metadata of the global Internet, then examine the content of the fraction that looks interesting.

More seriously, wouldn't that 1.6% be maybe 99% of the addresses? URLs, IP numbers, To-From email addresses? Following this thought, they capture ("touch") nearly all the metadata of the global Internet, then examine the content of the fraction that looks interesting.

Yes totally right. Statistics are the best way to cover up real numbers. Video, torrents, software upgrades are all fluff that can be easy skipped. The relations are way more interesting. Who was/is the agitator. They learned a lot from the arab spring. The next thing is the "person of interest" dissent robo detector! There was a faint mention of some danger grading sytstem, a rating on each connection entry.

There is little hope that this will stop ever. The only soluton is encryption wherever possible. VPN and SSL. No other solution possible now.

Sorry for the ranting,but this whole thing upsets me like nothing before.

This is getting to be a facepalmed moment. The NSA and the US Govt do not have any credibility left unless there is an innocent, non-interested third party reviewing their operations and informing about the public of its innocence and the legality of its operation. Well, there is the problem right there. A guilty criminal claiming he is innocent carriers little weight. They can pretty much say anything they want and they know we aren't buying it. They think we are "stupid Americans.." Look, the British Intelligence Agency get paid $150m for helping and cooperating with the NSA and the German Intelligent Agency handing over 500m of data per day to the NSA......what do you call this? I call this "foreign intelligence agency helping the NSA to spy on the world and us Americans." With the NSA, I bet they have some cute, slick terms to describe this network of spying ring..... This is called outsourcing.... You just have to love their PR work here and constantly painting a picture that they have been spying foreigners only. So, it is ok to spy on foreigners?

Frankly, I really don't care about what the administration is going to do. I am more interested in what other leaks The Guardian would reveal. And just watching the administration slowly being imploded. At the same time, the 3 weeks leading up to the German election would be interesting since the SPD, the opposition party, is trying to make the NSA scandal a pivotal platform for their campaign. There is the international fall out there....

NSA “did not have the tools or the database to search to identify [terorrist] connections and share them with the FBI.”

For anyone unfamiliar with how the 9/11 investigation went ( or did not go ) that might not realize what a steaming load of horseshit this statement is please read the story of FBI Agent Coleen Rowle:

http://en.wikipedia.org/wiki/Coleen_RowleyAfter the September 11, 2001, attacks, Rowley wrote a paper for FBI Director Robert Mueller documenting how FBI HQ personnel in Washington, D.C., had mishandled and failed to take action on information provided by the Minneapolis, Minnesota Field Office regarding its investigation of suspected terrorist Zacarias Moussaoui. Moussaoui had been suspected of being involved in preparations for a suicide-hijacking similar to the December 1994 "Eiffel Tower" hijacking of Air France 8969. Failures identified by Rowley may have left the U.S. vulnerable to the September 11, 2001, attacks. Rowley was one of many agents frustrated by the events that led up to the attacks, writing:

During the early aftermath of September 11th, when I happened to be recounting the pre–September 11th events concerning the Moussaoui investigation to other FBI personnel in other divisions or in FBIHQ, almost everyone's first question was "Why?--Why would an FBI agent(s) deliberately sabotage a case? (I know I shouldn't be flippant about this, but jokes were actually made that the key FBI HQ personnel had to be spies or moles, like (Robert Hanssen), who were actually working for Osama Bin Laden to have so undercut Minneapolis's effort.)

It's pretty pointless for the NSA to make any kind of public statement at all. I do not, and will not, believe anything they say. Dissolve the agency, destroy the data, bulldoze the facilities. Rebuild it from the ground up, with new staff, no secret laws or secret court, everything visible to the people paying for it - us. THEN I might not check up on them if they say the sky is blue.

And you know what will happen to the country while they're out of action? My best guess is, absolutely nothing.

Do these fucking assholes think that we believe an ounce of what they tell us? They've already been caught lying to us on multiple occasions in the past few months. They must be retarded to think that we'll just go "Oh, well 1.6%, that's not so bad. Nevermind, guys, keep doing your thing!"

And even if I believed their bullshit statement, which I don't, 1.6% is about 1.5999999% too much, in my opinion.

I really hope America wakes up soon and forces the NSA to face some extreme consequences in the form of heavy civilian oversight, legal reform severely curtailing their abilities to spy on citizens, and prosecution/investigation to those making the policies (that last one is never going to happen, however).

Are "touch" and "selected for review" defined here? If data is copied onto their servers -- which they've already defined as not being bulk collection because the data is retained for only 3-30 days -- but not viewed, does that count as "touching" it? If that data is searched but does not come up as a hit does that count as "touching" it?

In addition to NSA’s compliance safeguards, NSA personnel are obligated to report when they believe NSA is not, or may not be, acting consistently with law, policy, or procedure. This self-reporting is part of the culture and fabric of NSA. If NSA is not acting in accordance with law, policy, or procedure, NSA will report through its internal and external intelligence oversight channels, conduct reviews to understand the root cause, and make appropriate adjustments to constantly improve.

Whenever I read the latest NSA or whitehouse press release, I'm strongly reminded of this passage from the eerily appropriate Cryptonomicon:

Quote:

But that's bullshit!…Can't you recognize bullshit? Don't you think it would be a useful item to add to your intellectual toolkits to be capable of saying, when a ton of wet steaming bullshit lands on your head, 'My goodness, this appears to be bullshit'?

This I don't get: maybe it is just me and how I've worked in commercial IT-Security for a long time, but we've known about the NSA forever. We've known that the FBI is focused within our borders, the CIA is focused beyond our borders, and since its beginning the NSA (SIGINT) has been focused on all things related to communications. The discovery of threats to the country. That has always meant, in my understanding at least, the NSA listens to Everything. This has been public and well known. Of course they don't have an army to study each and every message, phone call and email, they're focused more on studying the network analysis of traffic, drilling into the undiscovered corner of threat traffic to build new leads for active orgs like the CIA. If they've been tuning into every data signal all along, really what's changed? Do folks today somehow think something newly sinister is going on at the NSA? I get the argument that National Security Letters and gag-orders are too much and a threat to the 1st amendment, that more aggressive oversight would be a good thing... Any actual abuse must be aggressively punished. But are folks really surprised the the truly brightest computer scientists and mathematicians at the NSA would have the tools and capabilities recently described?

n addition to NSA’s compliance safeguards, NSA personnel are obligated to report when they believe NSA is not, or may not be, acting consistently with law, policy, or procedure. This self-reporting is part of the culture and fabric of NSA. If NSA is not acting in accordance with law, policy, or procedure, NSA will report through its internal and external intelligence oversight channels, conduct reviews to understand the root cause, and make appropriate adjustments to constantly improve.

I've worked at too many organizations, public, private, and governmental to believe the quote above. There is way too much pressure to conform to get ahead. Squeaky wheels get "oiled", with the squeakiest usually getting "transferred" or "removed."

Also, the adverse treatment of legitimate whistle-blowers is ample proof enough that little, if any, functional reforms will occur.

When there is a cancer, if at all possible, one excises it. I'm afraid that the NSA and its ilk have become so malignant in their conduct that excision is the only remedy.